openssl_random_pseudo_bytes

Description

Generates a string of pseudo-random bytes, with the number of bytes
determined by the length parameter.

It also indicates if a cryptographically strong algorithm was used to produce the
pseudo-random bytes, and does this via the optional crypto_strong
parameter. It's rare for this to be FALSE, but some systems may be broken or old.

Parameters

length

The length of the desired string of bytes. Must be a positive integer. PHP will
try to cast this parameter to a non-null integer to use it.

crypto_strong

If passed into the function, this will hold a boolean value that determines
if the algorithm used was "cryptographically strong", e.g., safe for usage with GPG,
passwords, etc. TRUE if it did, otherwise FALSE

Return Values

Returns the generated string of bytes on success, or FALSE on failure.

Note that a solution where the result is truncated using the modulo operator ( % ) is not cryptographically secure, as the generated numbers are not equally distributed, i.e. some numbers may occur more often than others.

A better solution than using the modulo operator is to drop the result if it is too large and generate a new one.